From ca0f2146abb1bf1caee1ef273a536c28015bda38 Mon Sep 17 00:00:00 2001
From: svch0stz <8684257+svch0stz@users.noreply.github.com>
Date: Wed, 7 Oct 2020 08:23:31 +1100
Subject: [PATCH] Update win_net_use_admin_share.yml

---
 rules/windows/builtin/win_net_use_admin_share.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rules/windows/builtin/win_net_use_admin_share.yml b/rules/windows/builtin/win_net_use_admin_share.yml
index 2493c2fad..6bf752976 100644
--- a/rules/windows/builtin/win_net_use_admin_share.yml
+++ b/rules/windows/builtin/win_net_use_admin_share.yml
@@ -4,11 +4,11 @@ status: experimental
 description: Detects when an admin share is mounted using net.exe
 references:
     - https://drive.google.com/file/d/1lKya3_mLnR3UQuCoiYruO3qgu052_iS_/view
-author: Teymur Kheirkhabarov '@HeirhabarovT', Zach Stanford '@svch0st'
+author: 'oscd.community, Teymur Kheirkhabarov @HeirhabarovT, Zach Stanford @svch0st'
 date: 2020/10/05
 tags:
     - attack.lateral_movement
-    - attack.T1021.002
+    - attack.t1021.002
 logsource:
     category: process_creation
     product: windows